<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
    <meta charset="UTF-8" />
    <meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
    <title>DOM-based XSS Demo</title>
</head>
<body>
<h3>DOM-based XSS demo:</h3>
The domxss parameter you sent via the URL is shown below:<br/>
<div id="MyStr"></div>
<script type="text/javascript">
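    // Return the value of the query-string parameter `name`, or null if it is absent.
    function getQueryString(name) {
        var reg = new RegExp("(^|&)" + name + "=([^&]*)(&|$)");
        // Strip the leading "?" from location.search before matching.
        var r = window.location.search.substring(1).match(reg);
        if (r != null) {
            return decodeURI(r[2]);
        }
        return null;
    }
    // Call the function. Intentionally vulnerable sink for this demo: the URL-controlled
    // value is assigned to innerHTML without encoding (textContent would be the safe sink).
    document.getElementById("MyStr").innerHTML = getQueryString("domxss");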
</script>
</body>
</html>